Saturday, August 28, 2010

The book seems to be saying that financial market processes simply cannot be captured using the conventional notions of probability. The author writes, in summary:

The current crisis has led us to a conceptual impasse regarding the financial market. No prediction model can apply to the market …

Probability has to be discarded and a new category has to emerge instead, which will mediate contingency …

In fact, the market has nothing to do with Wall Street or with the investment banks. Market-making is a creative activity. The market is a category of thought that is independent of ideology. It replaces probability altogether and discarding the market, like the philosophers of the radical change claim we should do, is like discarding probability!

Not a very positive review from Reading the Markets, who found the book quite hard to read. There is some discussion on a Wilmott mailing list as well.

Below is part of a graphic which depicts the A5/1 state space generated when checking if the correct key has been determined from a rainbow table lookup. Once a key candidate has been found using the rainbow tables, the A5/1 cipher needs to be advanced (forward clocked) and undone (back-clocked) to verify that the candidate key is correct.

The grey paths represent states that are not accessible through forward clocking, and the green paths have many ancestor states leading to the same key stream. Red paths have few ancestor states leading to the same key stream. The graphic is from the A5/1 rainbow table generation project led by Karsten Nohl.
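To make the forward and back-clocking in the graphic concrete, here is an added Python example of my own (not code from the Nohl project): it assumes the published A5/1 register layout, clocks a state forward, enumerates every state that could have preceded it, and counts how many random states have zero (grey), one, or several ancestors.

```python
import random
# Assumed: the published A5/1 register layout (three LFSRs of 19, 22 and 23 bits,
# feedback taps, majority-clocking bits). A state is a tuple of three ints.
REGS = (  # (length, feedback taps, clocking bit); bit i of r is (r >> i) & 1
    (19, (13, 16, 17, 18), 8),
    (22, (20, 21), 10),
    (23, (7, 20, 21, 22), 10),
)

def parity(x):
    return bin(x).count("1") & 1

def _shift(r, n, taps):
    # Shift left one bit, feeding in the XOR of the tap bits.
    return ((r << 1) | parity(r & sum(1 << t for t in taps))) & ((1 << n) - 1)

def _unshift(r, n, taps):
    # Undo one shift: bit 0 was the XOR of the old taps, and the dropped top
    # bit (n-1) is itself a tap, so it equals bit 0 XOR the other taps of r >> 1.
    low = r >> 1
    top = (r & 1) ^ parity(low & sum(1 << t for t in taps if t != n - 1))
    return low | (top << (n - 1))

def clocked_regs(state):
    bits = [(r >> c) & 1 for r, (_, _, c) in zip(state, REGS)]
    maj = 1 if sum(bits) >= 2 else 0
    return frozenset(i for i, b in enumerate(bits) if b == maj)

def forward(state):
    """One forward clock: only registers agreeing with the majority shift."""
    moving = clocked_regs(state)
    return tuple(_shift(r, n, t) if i in moving else r
                 for i, (r, (n, t, _)) in enumerate(zip(state, REGS)))

def predecessors(state):
    """Back-clock: every state whose forward clock is `state` (0 to 4 of them)."""
    found = set()
    for moving in ({0, 1, 2}, {0, 1}, {0, 2}, {1, 2}):
        cand = tuple(_unshift(r, n, t) if i in moving else r
                     for i, (r, (n, t, _)) in enumerate(zip(state, REGS)))
        if clocked_regs(cand) == frozenset(moving) and forward(cand) == state:
            found.add(cand)
    return found

def ancestor_histogram(samples, seed=1):
    """How many of `samples` random states have 0..4 predecessors (0 = grey)."""
    rng, hist = random.Random(seed), [0] * 5
    for _ in range(samples):
        hist[len(predecessors(tuple(rng.getrandbits(n) for n, _, _ in REGS)))] += 1
    return hist
```

For uniformly random states exactly 3/8 have no predecessor (the grey paths) and about 1 in 32 have four, so ancestor_histogram(10000) puts roughly 3750 states in bucket 0.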

Friday, August 27, 2010

Researchers from the Georgia Tech Research Institute have announced that the power of GPU processors now poses a real threat to password security, and by implication, to the security of critical IT infrastructure. Top of the line GPU devices now process at the rate of 2 teraflops (two trillion floating-point operations per second), which is around 30% of the computing power the fastest computing cluster could muster 10 years ago for a price tag of over $100 million. Given that the main GPU manufacturers have made their devices programmable through standard C libraries, password cracking has become democratized.

The researchers state that 7 character passwords are now totally insecure against exhaustive attacks and recommend 12 characters, drawn from the full 94 printable keyboard characters. GPU processors can also be used to generate rainbow tables for offline password cracking, which was the approach taken recently by Karsten Nohl to building rainbow tables using CUDA nodes.

Of course, applying GPU devices to password cracking is not new, and Elcomsoft has made a name for itself using high-end gaming chips to recover and benchmark passwords. I am a little surprised that the researchers did not mention this. In any case, Elcomsoft has a great blog and you can find a good presentation on GPU password cracking here.

Adding spin (extra iterations) to password-based computations is a workaround for the unpleasant fact that human habits and memory are vastly outmoded in today's IT environment. Everything is getting faster, better and cheaper - except us. Passwords remain the most toxic asset on the security balance sheet, but don't expect a bailout any time soon.

Sean O'Neil, a security developer (or at least an amateur one), has posted code that is binary-compatible with an obfuscated version of RC4 that is used to protect Skype control traffic (user searches, profiles, contact lists). O’Neil says that the obfuscated version of RC4 is keyless and serves no useful security purpose, but its presence is intended to render Skype incompatible with other messaging clients, effectively making it a proprietary system. Even though Skype was intending to open its APIs to all desktop clients soon enough, O’Neil sees himself as the buster of Skype’s 10-year monopoly.

The story is being widely reported in the press (see links below), and it is easy to assume that the general security of Skype has been compromised, especially when O’Neil’s own post carried the title Skype’s Biggest Secret Revealed. But the secret was disentangling the modified version of RC4 from Skype’s operation. User privacy remains protected since full strength versions of AES-256, RSA-1024 and RSA-2048 are used to encrypt session traffic. The code itself is surely obfuscated since the source is over 2800 lines of C, when 50 or so is enough to implement RC4.

The full implications of the discovery are still playing out, as is the question of whether losing its biggest secret poses a serious issue for Skype. O’Neil is promising to release more details at the Chaos Communication Conference in Berlin this December.

Thursday, August 26, 2010

Here is a Flash rendering of a FreeMind map I made from the excellent post Surviving Cyber War: A Primer on DDoS by Richard Stiennon, which appeared last November. The post traces the history of DDoS, looks at the people and technologies involved, and tells the story of the unlikely (then) 25-year-old hero Barrett Lyon.

Wednesday, August 25, 2010

I recently uploaded a large FreeMind map that I collected over 2008, in an effort to get a handle on the stream of security articles, reports and incidents taking place back then. In short there was a torrent and it remains much the same today. I think you might find the ad hoc classification of material useful, as well as the groups of sources.

Note that links to items from FIRST (Forum of Incident Response and Security Teams) are now broken since their once excellent news service has been discontinued.

All sources for my security and risk FreeMind maps are available here.

I have been meaning for some time to post a link to this wonderful paper from late 2007 on the top information security risks for the then coming year. The paper was a collaborative work from several groups of security professionals, led by Gary Hinson, keeper of the fantastic NoticeBored site of security awareness material. The paper is excellent in that it clearly separates threats, vulnerabilities and impacts, and then creates risks as scenarios from the interplay of these three collections, with controls coming as final recommendations. The whole approach just seems so clean and sensible, and demonstrates the distinctions amongst risk terms which sometimes get lost in our daily language.

Now added to my IT Risk collection on Scribd, thanks to Gary Hinson for removing the copyright protection.

Tuesday, August 24, 2010

The 2008 PhD thesis of Domenico Salvati from the Laboratory for Safety Analysis at ETH Zurich, on the Management of Information System Risks, is available online. Salvati presents a structured approach to the IT risk management process which has some novel differences as compared to the more familiar frameworks. The thesis contains long examples on computing the risk of a brute force password attack, and the risk of phishing attacks. The work has a very practical flavour as Salvati was sponsored by Credit Suisse for the thesis, as part of ZISC.

You can find a short bio on Domenico as part of the upcoming hashdays security and risk conference in Zurich.

Quantum computers can break the RSA and El Gamal public-key cryptosystems, since they can factor integers and extract discrete logarithms. If we believe that quantum computers will someday become a reality, we would like to have post-quantum cryptosystems which can be implemented today with classical computers, but which will remain secure even in the presence of quantum attacks. In this article we show that the McEliece cryptosystem over rational Goppa codes resists precisely the attacks to which the RSA and El Gamal cryptosystems are vulnerable---namely, those based on generating and measuring coset states.

Shor’s algorithm is a general method for computing the period of certain functions, and it can be applied to computing the orders of elements modulo a composite number for example (see my post Quantum Computing: are you Shor? for some details). Shor’s algorithm is not directly applicable to the McEliece cryptosystem since it is based on a hard problem from coding theory, and is not obviously solvable by computing periods of functions. The new paper seems to demonstrate that no connection will be found.

However the authors caution that there may be another quantum approach distinct from the principles of Shor’s algorithm that efficiently breaks the McEliece cryptosystem. On the other hand, there is a growing consensus that NP-complete problems do not have efficient quantum algorithms (see the diagram in this post), and the McEliece cryptosystem is based on an NP-hard problem (which means it is at least as hard as an NP-complete problem).

Tuesday, August 17, 2010

Imperva recently announced an update to their analysis of the 32 million passwords that were exposed by the RockYou site earlier this year. The update is concerned with a specific analysis of the Spanish passwords included in the breach, of which there were just over 2 million. Imperva together with Spanish marketing firm Agua Marketing found the following breakdown of password preferences – note that almost half of the passwords are based on personal names.

Sunday, August 15, 2010

Here is a short cryptography lecture from Scott Aaronson, delivered as part of his Quantum Computing Since Democritus course given at the University of Waterloo, Fall 2006. The lecture gives a short text-based overview of crypto from mainly a complexity point of view, and discusses some of the implications of the “P = NP?” question for crypto.

Tuesday, August 3, 2010

Just a note to say that over the last few days there has been a jump in reads on a few of my AES posts, in particular for Are AES 256-bit keys too large? and AES-256 and Reputational Risk. I can't find any obvious reason why; however, these posts do appear amongst the top Google search results for "aes 256" or "aes-256".